Skip to main content

Need the shared environment model?

Read the Fundamentals page for the shared model, then use this guide for CLI promotion workflows.
Variable promotion lets you move one or more variable keys from a source environment to a target environment through an approval workflow. This keeps environment changes auditable and reviewable while staying inside Ghostable’s zero-knowledge model.

Create a Promotion Request

Run the guided flow:
The CLI will guide you through:
  • selecting source environment,
  • selecting target environment,
  • selecting one or more variable keys,
  • choosing whether to include current values.
include values defaults to false. In this mode, key names are preserved while values are intentionally blank in the request payload.

Scriptable create example

Review Pending Requests

List pending requests in the current project:
Use guided review:
Or review a specific request:
Guided review lets you choose:
  • Approve
  • Reject
  • Cancel

Approve, Reject, or Cancel Directly

Approve:
Approve with override values:
Reject:
Cancel:

Include-Values vs Blank-Values Behavior

  • include values = false: request carries key names with blank values.
  • include values = true: request includes encrypted payloads for current source values when available on your device.
If a source value cannot be decrypted on your current device, approval may require explicit override values (--set KEY=VALUE).

Recovery and Terminal States

  • If create/approve fails due to key-signature access requirements, CLI performs one controlled key-share recovery attempt, then retries once.
  • If a request is already resolved, CLI exits cleanly with explicit status instead of retrying destructively.

Continue

Environment workflows

Return to push, pull, sync, diff, and validation workflows.

Device and key re-share

Review device identity and key re-sharing flows used during recovery paths.

Security controls matrix

Map promotion review controls to audit and operational evidence.